Fedora 28: FEDORA-2018-9c38d1dc1d Critical: Symfony3 Header Issues

Symfony PHP framework (version 3).

NOTE: Does not require PHPUnit bridge.

## 3.4.14 (2018-08-01) * security #cve-2018-14774 [HttpKernel] fix trusted

headers management in HttpCache and InlineFragmentRenderer (nicolas-grekas) *

security #cve-2018-14773 [HttpFoundation] Remove support for legacy and risky

HTTP headers (nicolas-grekas) * bug #28003 [HttpKernel] Fixes invalid

REMOTE_ADDR in inline subrequest when configuring trusted proxy with subnet

(netiul) * bug #28007 [FrameworkBundle] fixed guard event names for transitions

(destillat) * bug #28045 [HttpFoundation] Fix Cookie::isCleared (ro0NL) * bug

#28080 [HttpFoundation] fixed using _method parameter with invalid type

(Phobetor) * bug #28052 [HttpKernel] Fix merging bindings for controllers'

locators (nicolas-grekas) ## 3.4.13 (2018-07-23) * bug #28005 [HttpKernel]

Fixed templateExists on parse error of the template name (yceruto) * bug #27997

Serbo-Croatian has Serbian plural rule (kylekatarnls) * bug #26193 Fix false-positive deprecation notices for TranslationLoader and WriteCheckSessionHandler

(iquito) * bug #27941 [WebProfilerBundle] Fixed icon alignment issue using

Bootstrap 4.1.2 (jmsche) * bug #27937 [HttpFoundation] reset callback on

StreamedResponse when setNotModified() is called (rubencm) * bug #27927

[HttpFoundation] Suppress side effects in 'get' and 'has' methods of

NamespacedAttributeBag (webnet-fr) * bug #27923 [Form/Profiler] Massively

reducing memory footprint of form profiling pages... (VincentChalnot) * bug

#27918 [Console] correctly return parameter's default value on "--" (seschwar)

* bug #27904 [Filesystem] fix lock file permissions (fritzmg) * bug #27903

[Lock] fix lock file permissions (fritzmg) * bug #27889 [Form] Replace

.initialism with .text-uppercase. (vudaltsov) * bug #27902 Fix the detection of

the Process new argument (stof) * bug #27885 [HttpFoundation] don't encode

cookie name for BC (nicolas-grekas) * bug #27782 [DI] Fix dumping ignore-on-uninitialized references to synthetic services (nicolas-grekas) * bug #27435

[OptionResolver] resolve arrays (Doctrs) * bug #27728 [TwigBridge] Fix missing

path and separators in loader paths list on debug:twig output (yceruto) * bug

#27837 [PropertyInfo] Fix dock block lookup fallback loop (DerManoMann) * bug

#27758 [WebProfilerBundle] Prevent toolbar links color override by css (alcalyn)

* bug #27834 [DI] Don't show internal service id on binding errors (nicolas-grekas) * bug #27831 Check for Hyper terminal on all operating systems.

(azjezz) * bug #27794 Add color support for Hyper terminal . (azjezz) * bug

#27809 [HttpFoundation] Fix tests: new message for status 425 (dunglas) * bug

#27618 [PropertyInfo] added handling of nullable types in PhpDoc (oxan) * bug

#27659 [HttpKernel] Make AbstractTestSessionListener compatible with

CookieClearingLogoutHandler (thewilkybarkid) * bug #27752 [Cache] provider does

not respect option maxIdLength with versioning enabled (Constantine Shtompel) *

bug #27776 [ProxyManagerBridge] Fix support of private services (bis) (nicolas-grekas) * bug #27714 [HttpFoundation] fix session tracking counter (nicolas-grekas, dmaicher) * bug #27747 [HttpFoundation] fix registration of session

proxies (nicolas-grekas) * bug #27722 Redesign the Debug error page in prod

(javiereguiluz) * bug #27716 [DI] fix dumping deprecated service in yaml

(nicolas-grekas)

* Wed Aug 1 2018 Shawn Iwinski - 3.4.14-1

- Update to 3.4.14 (CVE-2018-14773 / CVE-2018-14774)

- Add conflict php-composer(phpdocumentor/type-resolver) < 0.3.0

* Fri Jul 13 2018 Fedora Release Engineering - 3.4.12-2

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Mon Jun 25 2018 Shawn Iwinski - 3.4.12-1

- Update 3.4.12

* Mon May 28 2018 Remi Collet - 3.4.11-1

- update to 3.4.11

* Thu May 24 2018 Remi Collet - 3.4.10-1

- update to 3.4.10

- ignore new dependency on symfony/polyfill-ctype

* Fri May 4 2018 Remi Collet - 3.4.9-1

- update to 3.4.9

[ 1 ] Bug #1611906 - CVE-2018-14773 php-symfony: Legacy HTTP headers allow users to modify URLs and bypass restrictions

https://bugzilla.redhat.com/show_bug.cgi?id=1611906

su -c 'dnf upgrade --advisory FEDORA-2018-9c38d1dc1d' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UEXOLS5O7DVCCNWZY5TXF4UW5O2KP2HK/